You’ve been brought in as a solutions architect to assist an enterprise customer with their migration
of an e-commerce platform to Amazon Virtual Private Cloud (VPC).
The previous architect has already deployed a 3-tier VPC.
The configuration is as follows:
VPC: vpc-2f8bc447
IGW: igw-2d8bc445
NACL: acl-208bc448
Subnets and Route Tables:
Web servers: subnet-258bc44d
Application servers: subnet-248bc44c
Database servers: subnet-9189c6f9
Route Tables:
rtb-218bc449
rtb-238bc44b
Associations:
subnet-258bc44d : rtb-218bc449
subnet-248bc44c : rtb-238bc44b
subnet-9189c6f9 : rtb-238bc44b
You are now ready to begin deploying EC2 instances into the VPC. Web servers must have direct
access to the Internet. Application and database servers cannot have direct access to the
Internet. Which configuration below will allow you to remotely administer your
application and database servers, as well as allow these servers to retrieve updates from the
Internet?
A. Create a bastion and NAT instance in subnet-258bc44d, and add a route from rtb-238bc44b to
the NAT instance.
B. Add a route from rtb-238bc44b to igw-2d8bc445 and add a bastion and NAT instance within
subnet-248bc44c.
C. Create a bastion and NAT instance in subnet-248bc44c, and add a route from rtb-238bc44b to
subnet-258bc44d.
D. Create a bastion and NAT instance in subnet-258bc44d, add a route from rtb-238bc44b to
igw-2d8bc445, and a new NACL that allows access between subnet-258bc44d and
subnet-248bc44c.
Explanation:
Create the NAT instance in the public subnet, which is the web server subnet (subnet-258bc44d), and add
a route (rtb-238bc44b) from the private subnet (database subnet-9189c6f9) to the NAT instance in the
public subnet to retrieve the updates.
A